Facebook Scam & Identity Theft
What happened to me
On Tue Dec 23 2008 I (MarcFreedman) was the victim of identity theft. My Facebook account was hijacked. I do not know how the password was obtained or the account was otherwise broken into. People have suggested phishing web sites, a virus, or keylogging software, though I don't believe any of this happened in this case.
I was alerted by a phone call from one of my contacts. The thief (or rather one of multiple thieves) sent instant messages to my contacts who were online claiming that I was robbed, stranded in London, and needed money to return to the US. While a number of people thought this was fishy, the thief was sufficiently compelling that half a dozen people sent from $400 to $600. A few other people tried to send money but weren't successful for various reasons. A few (surprisingly few) directly contacted me by email or phone to validate the Facebook claim.
This con was well planned. My email addresses and passwords were changed. Friends or posts that complained or alerted others to the con were removed. It was timed right before Xmas eve when I might be away (fortunately I wasn't) and Facebook service would be on break. It appears that several people were involved based on the number of messages and IMs they sent from my account (and I’m sure many other compromised ones).
I complained to Facebook immediately as did several people contacted by the thieves. It took Facebook two days to remove my account.
I posted the scam to my LinkedIn networking forum: http://finance.groups.yahoo.com/group/MyLinkNetwork/message/620 . In addition I sent an email blast to all my business contacts as I didn't have access to or a copy of my Facebook friends.
A chat with the fraudsters
Here is the Facebook IM conversation I had with them:
8:13am Marc
Hello
8:31am Zac
hi
8:32am Marc
i'm stuck in london
8:32am Zac
ouch
8:33am Marc
i was robbed at the hotel where i lodged
all my money was stolen
my cresit card was too
8:33am Zac
omg. that sucks!
8:33am Marc
this made me stuck here becasue i dont have all the money i need to
get a flight ticket back home
so now
i'm trying to raise some money to get home becasue i want to leave
here for home today by all means
8:36am Zac
ouch. i wish i could help but I got laid off from TI 2 month ago and
have nothing to spare at the moment.
8:37am Marc
ouch...well
thanks anyway for your concern
8:38am Zac
yeah, anything else I can do, I would love to help
8:39am Marc
right now, the only help i need is financial help and nothing more
8:40am Marc
but man, as it is, whatever amount i'm asking, i will pay you back as
soon as i get back home
i promise
so it's not like you are losing it
Identity theft is increasingly and sadly common
The following is just from my small network.
Mel S
Same thing happened to me about 6 weeks ago - it took me about 2 1/2 weeks to get my account back.
Bryan D
My girlfriend's facebook was hacked earlier this month. It was because of a phishing website, so be careful!
Ken H
It happened to a friend of mine, Norma B in Arizona, I got one of the emails, fortunately I called her to see if she was in London, and of course she wasn’t.
Stan Relihan
I'm not a member of Facebook & had no intention of joining - however, last week, my daughter has pointed out to me that someone has set up a 'Stan Relihan' account on Facebook (although so far, only the name) - so evidently I am being positioned for an attack similar to the one you've recently experienced.
Allen Beuershausen
I chatted with your scammer last night. He tried to hit me up for cash to "get back home from London after being robbed". He started off by sending me a bogus friend suggestion from a good friend of mine the day before. I "friended" you (actually him/her) because the friend who supposedly recommended you is someone I trust a great deal. I saw through the scam and sent him/her nothing. The story was good, but there were some obvious holes in it.
I don't want this to happen to me, so I went online to do some research on Facebook hacks. What I found is that there is a sub-culture of low-lifes dedicated to Facebook hacks, among others. Hotmail is quite vulnerable too. Another friend of mine learned this recently. His Hotmail account was compromised, and the scammer said he needed about $4,500 to get back from Malaysia. I knew that to be completely untrue. The scam was almost identical to the one involving you. (By the way, in his case, the scammer changed his password and locked him out, so it took him two weeks to be able to warn the people in his contact list, thanks to Hotmail's apathy. Apparently, this is standard operating procedure for hackers.)
Here is a link that might help you avoid it in the future, or at least make it more difficult for someone to hack you: http://answers.yahoo.com/question/index?qid=20081207142748AAGtK5u Let's just say that virus and key logger scans are key.
Protect Yourself
Open Networkers
- Use separate email addresses for work, personal, networking.
- Use disposable email addresses, especially for your networking address, such as webmail or an address from a domain you own and control.
Practice Safe Internet
- Make sure you have the latest version for your browser and email.
- Use anti-virus software.
- Don't click on email attachments you don't trust, especially any executable or similar file (ends in .exe, .bat, .com, .zip).
- Be suspicious, for example of email from your bank or other provider about verifying your account, order, or transaction.
- Use smart passwords (long, a mix of characters and numbers, nothing personal, changed regularly).
Own and Manage Your Network
Online identity theft works because of the anonymity that exists over the Internet. The more you know about your contacts and the easier you can contact them, the better you can protect yourself, whether your identity is stolen or you are solicited by another.
- Own your contacts. Don't rely on an external service that can be hacked as the only source. Make sure to back them up.
- Central address book. Centralize, tag, and manage your contacts so you have one place to quickly turn to find and contact someone.
- Advanced address book. Ideally your address book or information manager contains more than contacts. Use it to store notes and messages so you can easily verify the identity of people.
- Relationships, not contacts. Proactively and regularly stay in touch with your contacts. When you've talked to people and exchanged personal and custom messages, you know them far better and can easily separate the fake from the real person.
Recommended provider - http://wemeus.com
Articles and Blogs
Marc Freedman Interview with Stan Relihan
http://www.tinyurl.com/MarcFreedman2
Latest Facebook Scam: Phishers Hit Up "Friends" for Cash
http://www.techcrunch.com/2009/01/20/latest-facebook-scam-phishers-hit-up-friends-for-cash/
Fears of impostors increase on Facebook
http://www.cnn.com/2009/TECH/02/05/facebook.impostors/index.html?iref=mpstoryview
Cyber ID theft concern as 'space faking' soars
http://www.smh.com.au/news/technology/security/space-faking-soars/2009/01/03/1231003815190.html
Fake LinkedIn Profiles Spread Malware
http://news.softpedia.com/news/Fake-LinkedIn-Profiles-Spread-Malware-101370.shtml
Protecting your network
http://www.michaeljzimmer.com/group/whitesquallbookandtraining/forum/topics/protecting-your-network
LinkedIn pages that promise prurient pics link to malware
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=332205
Hackers target celebrities' web accounts
http://www.smh.com.au/news/technology/web/kanye-west-latest-victim-of-password-hackers/2009/01/27/1232818396341.html
Even PhD professors get scammed
http://www.elliott.org/blog/can-this-trip-be-saved-email-scam-cost-me-6600-can-you-get-it-back/